Jump to content

Hijack this log.


Recommended Posts

Just have recently found out i cant update windows or open some malware programs. i have tried the ultimate boot cd to no avail i am hoping through this to get malware bytes to work and fix most of my problems. Heres my log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:37:07 PM, on 4/30/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16809)

Boot mode: Normal

Running processes:

C:\Program Files\DigitalPersona\Bin\DpAgent.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\WINDOWS\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Jugaari\Jaadu VNC Connect\JaaduConnect.exe

C:\Program Files\Registry Mechanic\RMTray.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Rainmeter\Rainmeter.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\wuauclt.exe

C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:/ /www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F 0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [sMSERIAL] C :\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"

O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [JaaduVNCConnect] "C:\Program Files\Jugaari\Jaadu VNC Connect\JaaduConnect.exe" -autostart

O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe

O4=2 0- Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Vongo Tray.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\R EFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O17 - HKLM\System\CCS\Services\Tcpip\..\{80302C92-C9E2-4115-BBB1-A2A285CC3D74}: NameServer = 85.255.112.24,85.255.112.118

O17 - HKLM\System\CCS\Services\Tcpip\..\{B9B865CD-3CA8-4801-81B4-4E1A090CE17D}: NameServer = 85.255.112.24,85.255.112.118

O17 - HKLM\System\CCS\Services\Tcpip\..\{C291AC11-BCE1-440B-B420-58CA47498310}: NameServer = 85.255.112.24,85.255.112.118

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.24,85.255.112.118

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.24,85.255.112.118

O17 - HKLM\System\CCS\Services\Tcpip\Param eters: NameServer = 85.255.112.24,85.255.112.118

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL

O22 - SharedTaskScheduler: Fences - {EC654325-1273-C2A9-2B7C-45A29BCE2FBD} - C:\Program Files\Stardock\Fences\DesktopDock.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service=2 0(CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe

O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\V ongoService.exe

--

End of file - 13921 bytes

THANKS ALL!

Link to post
Share on other sites

Hi. :angry:

Download ComboFix from one of the locations below, and save it to your Desktop.

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply

Note: Do not mouseclick Combofix's window while its running. That may cause it to stall

Link to post
Share on other sites

While waiting i also decided to run AntiRootkit and i have the log:

GMER 1.0.15.14972 - http://www.gmer.net

Rootkit scan 2009-05-01 10:07:59

Windows 6.0.6000

---- System - GMER 1.0.15 ----

SSDT 912CF738 ZwAlertResumeThread

SSDT 912CF818 ZwAlertThread

SSDT 912DB720 ZwAllocateVirtualMemory

SSDT 90EF6B88 ZwAlpcConnectPort

SSDT 912CF488 ZwCreateMutant

SSDT 912BE498 ZwCreateThread

SSDT 90FF4660 ZwDebugActiveProcess

SSDT 912CFEF0 ZwFreeVirtualMemory

SSDT 912CF578 ZwImpersonateAnonymousToken

SSDT 912CF658 ZwImpersonateThread

SSDT 90FACB08 ZwMapViewOfSection

SSDT 90FF4900 ZwOpenEvent

SSDT 9127F698 ZwOpenProcessToken

SSDT 90FF4740 ZwOpenSection

SSDT 912DE400 ZwOpenThreadToken

SSDT 912DDAC0 ZwResumeThread

SSDT 912DE340 ZwSetContextThread

SSDT 90FAC9B0 ZwSetInformationProcess

SSDT 912DE270 ZwSetInformationThread

SSDT 90FF4820 ZwSuspendProcess

SSDT 912CF960 ZwSuspendThread

SSDT 90FFACC8 ZwTerminateProcess

SSDT 912CFA40 ZwTerminateThread

SSDT 912822C0 ZwUnmapViewOfSection

SSDT 912CFFC0 ZwWriteVirtualMemory

INT 0x61 ? 90894550

INT 0x62 ? 90891550

INT 0x71 ? 908947D0

---- Kernel code sections - GMER 1.0.15 ----

? C:\Windows\system32\drivers\rootrepeal.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtCreateFile + 6 773CF41A 4 Bytes [25, 00, 06, 00]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtCreateFile + B 773CF41F 1 Byte [E2]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtMapViewOfSection + 6 773CFB6A 1 Byte [25]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtMapViewOfSection + 6 773CFB6A 4 Bytes [25, 03, 06, 00]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtMapViewOfSection + B 773CFB6F 1 Byte [E2]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenFile + 6 773CFBFA 4 Bytes [65, 00, 06, 00]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenFile + B 773CFBFF 1 Byte [E2]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenProcess + 6 773CFC7A 4 Bytes [A5, 01, 06, 00]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenProcess + B 773CFC7F 1 Byte [E2]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenProcessToken + 6 773CFC8A 4 Bytes [E5, 01, 06, 00]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenProcessToken + B 773CFC8F 1 Byte [E2]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenProcessTokenEx + 6 773CFC9A 4 Bytes [A5, 02, 06, 00]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenProcessTokenEx + B 773CFC9F 1 Byte [E2]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenThread + 6 773CFCEA 4 Bytes [65, 01, 06, 00]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenThread + B 773CFCEF 1 Byte [E2]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenThreadToken + 6 773CFCFA 4 Bytes [65, 02, 06, 00]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenThreadToken + B 773CFCFF 1 Byte [E2]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenThreadTokenEx + 6 773CFD0A 4 Bytes [E5, 02, 06, 00]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenThreadTokenEx + B 773CFD0F 1 Byte [E2]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtQueryAttributesFile + 6 773CFD9A 4 Bytes [A5, 00, 06, 00]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtQueryAttributesFile + B 773CFD9F 1 Byte [E2]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtQueryFullAttributesFile + 6 773CFE4A 4 Bytes [E5, 00, 06, 00]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtQueryFullAttributesFile + B 773CFE4F 1 Byte [E2]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtSetInformationFile + 6 773D036A 4 Bytes [25, 01, 06, 00]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtSetInformationFile + B 773D036F 1 Byte [E2]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtSetInformationThread + 6 773D03BA 4 Bytes [25, 02, 06, 00]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtSetInformationThread + B 773D03BF 1 Byte [E2]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtUnmapViewOfSection + 6 773D065A 1 Byte [65]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtUnmapViewOfSection + 6 773D065A 4 Bytes [65, 03, 06, 00]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtUnmapViewOfSection + B 773D065F 1 Byte [E2]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtCreateFile + 6 773CF41A 4 Bytes [25, 00, 06, 00]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtCreateFile + B 773CF41F 1 Byte [E2]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtMapViewOfSection + 6 773CFB6A 1 Byte [25]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtMapViewOfSection + 6 773CFB6A 4 Bytes [25, 03, 06, 00]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtMapViewOfSection + B 773CFB6F 1 Byte [E2]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtOpenFile + 6 773CFBFA 4 Bytes [65, 00, 06, 00]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtOpenFile + B 773CFBFF 1 Byte [E2]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtOpenProcess + 6 773CFC7A 4 Bytes [A5, 01, 06, 00]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtOpenProcess + B 773CFC7F 1 Byte [E2]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtOpenProcessToken + 6 773CFC8A 4 Bytes [E5, 01, 06, 00]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtOpenProcessToken + B 773CFC8F 1 Byte [E2]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtOpenProcessTokenEx + 6 773CFC9A 4 Bytes [A5, 02, 06, 00]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtOpenProcessTokenEx + B 773CFC9F 1 Byte [E2]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtOpenThread + 6 773CFCEA 4 Bytes [65, 01, 06, 00]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtOpenThread + B 773CFCEF 1 Byte [E2]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtOpenThreadToken + 6 773CFCFA 4 Bytes [65, 02, 06, 00]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtOpenThreadToken + B 773CFCFF 1 Byte [E2]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtOpenThreadTokenEx + 6 773CFD0A 4 Bytes [E5, 02, 06, 00]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtOpenThreadTokenEx + B 773CFD0F 1 Byte [E2]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtQueryAttributesFile + 6 773CFD9A 4 Bytes [A5, 00, 06, 00]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtQueryAttributesFile + B 773CFD9F 1 Byte [E2]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtQueryFullAttributesFile + 6 773CFE4A 4 Bytes [E5, 00, 06, 00]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtQueryFullAttributesFile + B 773CFE4F 1 Byte [E2]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtSetInformationFile + 6 773D036A 4 Bytes [25, 01, 06, 00]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtSetInformationFile + B 773D036F 1 Byte [E2]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtSetInformationThread + 6 773D03BA 4 Bytes [25, 02, 06, 00]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtSetInformationThread + B 773D03BF 1 Byte [E2]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtUnmapViewOfSection + 6 773D065A 1 Byte [65]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtUnmapViewOfSection + 6 773D065A 4 Bytes [65, 03, 06, 00]

.text C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe[5384] ntdll.dll!NtUnmapViewOfSection + B 773D065F 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\BTHUSB \Device\0000007d bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

Device \Driver\BTHUSB \Device\0000007f bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service system32\drivers\gaopdxjwrsvlapiexjmbtmejbledamwptjdajm.sys (*** hidden *** ) [sYSTEM] gaopdxserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37b3c72e

Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@start 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@type 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@group file system

Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxjwrsvlapiexjmbtmejbledamwptjdajm.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules

Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxjwrsvlapiexjmbtmejbledamwptjdajm.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxicvslrqnpecbwyqskvoyqmvdjkmxikow.dll

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e37b3c72e

Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@start 1

Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@type 1

Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@group file system

Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxjwrsvlapiexjmbtmejbledamwptjdajm.sys

Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys\modules

Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxjwrsvlapiexjmbtmejbledamwptjdajm.sys

Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxicvslrqnpecbwyqskvoyqmvdjkmxikow.dll

---- EOF - GMER 1.0.15 ----

Link to post
Share on other sites

Also an update: while i know im not out of the woods yet i can now get on the malwarebytes website without being taken to some bogus website, but when i try to get on windows update it states that i need to have ie 5 or above which i used, and i also tried on chrome, and firefox to no avail.

Link to post
Share on other sites

Please don't run tools you are unless you are asked to.

1. Please open Notepad

  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::

c:\windows\system32\drivers\gaopdxjwrsvlapiexjmbtmejbledamwptjdajm.sys

c:\windows\gaopdxserv.sys

c:\windows\system32\gaopdxserv.sys

c:\windows\system32\drivers\gaopdxserv.sys

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

  • Combofix.txt
  • A new HijackThis log.
Link to post
Share on other sites

The only real problem is when i try to go to the microsoft update website i get this message:

Thank you for your interest in obtaining updates from our site.

To use this site, you must be running Microsoft Internet Explorer 5 or later.

To upgrade to the latest version of the browser, go to the Internet Explorer Downloads website.

If you prefer to use a different web browser, you can obtain updates from the Microsoft Download Center or you can stay up to date with the latest critical and security updates by using Automatic Updates. To turn on Automatic Updates:

1. Click Start, click Control Panel, and then click Security.

2. Click Security Center, and then make sure Automatic updating is turned on.

To enhance the security and performance of your computer, make sure Windows automatic updating is not turned off.

And norton wont update but i am going to download avg or avira.

But, other than that everything seems to be in order, i truly appreciate you taking your time to help me.

Link to post
Share on other sites

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:46:00 AM, on 5/2/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16809)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Program Files\DigitalPersona\Bin\DpAgent.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Windows\system32\CF26412.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\WINDOWS\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\Explorer.exe

C:\Windows\system32\notepad.exe

C:\ComboFix\handle.cfexe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"

O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [JaaduVNCConnect] "C:\Program Files\Jugaari\Jaadu VNC Connect\JaaduConnect.exe" -autostart

O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H

O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Vongo Tray.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL

O22 - SharedTaskScheduler: Fences - {EC654325-1273-C2A9-2B7C-45A29BCE2FBD} - C:\Program Files\Stardock\Fences\DesktopDock.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe

O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe

--

End of file - 12079 bytes

Link to post
Share on other sites

Download ComboFix from one of the locations below, and save it to your Desktop.

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply

Note: Do not mouseclick Combofix's window while its running. That may cause it to stall

Link to post
Share on other sites

Hijack

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:46:00 AM, on 5/2/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16809)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Program Files\DigitalPersona\Bin\DpAgent.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Windows\system32\CF26412.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\WINDOWS\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\Explorer.exe

C:\Windows\system32\notepad.exe

C:\ComboFix\handle.cfexe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"

O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [JaaduVNCConnect] "C:\Program Files\Jugaari\Jaadu VNC Connect\JaaduConnect.exe" -autostart

O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H

O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Vongo Tray.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL

O22 - SharedTaskScheduler: Fences - {EC654325-1273-C2A9-2B7C-45A29BCE2FBD} - C:\Program Files\Stardock\Fences\DesktopDock.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe

O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe

--

End of file - 12079 bytes

Combofix was too long i had to put it as an attachment

combofix_part_1.txt

combofix_part_1.txt

Link to post
Share on other sites

GMER 1.0.15.14972 - http://www.gmer.net

Rootkit scan 2009-05-11 02:22:46

Windows 6.0.6001 Service Pack 1

---- System - GMER 1.0.15 ----

SSDT 9D35858C ZwCreateThread

SSDT 9D358578 ZwOpenProcess

SSDT 9D35857D ZwOpenThread

SSDT 9D358587 ZwTerminateProcess

INT 0x61 ? 90EF2550

INT 0x62 ? 90ECD550

INT 0x71 ? 90EF27D0

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 454 822FBA18 4 Bytes [8C, 85, 35, 9D]

.text ntkrnlpa.exe!KeSetTimerEx + 624 822FBBE8 4 Bytes [78, 85, 35, 9D]

.text ntkrnlpa.exe!KeSetTimerEx + 640 822FBC04 4 Bytes [7D, 85, 35, 9D]

.text ntkrnlpa.exe!KeSetTimerEx + 854 822FBE18 4 Bytes [87, 85, 35, 9D]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[5916] kernel32.dll!SetUnhandledExceptionFilter 775E6E2D 5 Bytes JMP 64624FAF C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2484] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2484] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2484] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2484] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2484] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2484] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2484] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2484] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2484] @ C:\Windows\system32\USER32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2484] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2484] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2484] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2484] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2484] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2484] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2484] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2484] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2484] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2484] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2484] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2484] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2484] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2484] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!\Messenger\yui.dll

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2484] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!\Messenger\yui.dll

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2484] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!GetSysColorBrush] [611390A5] C:\Program Files\Yahoo!\Messenger\yui.dll

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2484] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2484] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2484] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!AnimateWindow] [611390DD] C:\Program Files\Yahoo!\Messenger\yui.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\BTHUSB \Device\00000080 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

Device \Driver\BTHUSB \Device\0000007e bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37b3c72e

Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37b3c72e

---- EOF - GMER 1.0.15 ----

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.